Lucene search

Prototype Pollution in node.extend

🗓️ 07 Feb 2019 18:34:17Reported by GitHub Advisory DatabaseType

Versions of `node.extend` before 1.1.7 or 2.0.1 are vulnerable to prototype pollution. Update to version 1.1.7, 2.0.1 or later

Reporter	Title	Published	Views	Family All 12
Veracode	Prototype Pollution	4 Feb 201901:17	–	veracode
UbuntuCve	CVE-2018-16491	1 Feb 201900:00	–	ubuntucve
Hacker One	Node.js third-party modules: Prototype pollution attack in node.extend	30 Oct 201811:42	–	hackerone
Cvelist	CVE-2018-16491	1 Feb 201918:00	–	cvelist
Prion	Buffer overflow	1 Feb 201918:29	–	prion
Debian CVE	CVE-2018-16491	1 Feb 201918:29	–	debiancve
Node.js	Prototype Pollution	6 Feb 201901:11	–	nodejs
OSV	Prototype Pollution in node.extend	7 Feb 201918:17	–	osv
CVE	CVE-2018-16491	1 Feb 201918:29	–	cve
NVD	CVE-2018-16491	1 Feb 201918:29	–	nvd

Vulners

Node

dreamerslab node.extendMatch2.0.0

dreamerslab node.extendRange<1.1.7

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-16491
hackerone	www.hackerone.com/reports/430831
github	www.github.com/advisories/GHSA-r96c-57pf-9jjm
npmjs	www.npmjs.com/advisories/781

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 Feb 2019 18:17Current

4.2Medium risk

Vulners AI Score4.2

CVSS27.5

CVSS39.8

EPSS0.00665

CWE-400